Description: This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses these vulnerabilities by modifying the way PGM parses malformed packets.

Update type: Moderate

Release date: June 10, 2008

Applies to: All

Knowledge base: support.microsoft.com/kb/950762

Download link: 32-bit | 64-bit

Comments: Here are the specifics on the vulnerabilities covered by this update:

• PGM Invalid Length Vulnerability - CVE-2008-1440
• PGM Malformed Fragment Vulnerability - CVE-2008-1441